Firewall Wizards mailing list archives
Re:
From: roger nebel <roger () homecom com>
Date: Tue, 16 Jun 1998 00:13:50 -0400
Rick, We typically recommend that a web server that will access a database be alone on a dmz, or third, separate interface off the firewall with separate rules for internet access to the web server and backside access to / from the db which is behind the internal interface. As always, you should start with the business goals for the site, define the requirements, assess your environment and assets (how sensitive is the db info?), develop an appropriate policy, design an architecture which securely meets your needs within your budget, and then develop effective procedures to operate what you deploy. Your best practices may be different. Any of the three methods you mention below will work given adequate policy, technology, people, resources, and management support. good luck, roger Rick Horne wrote:
Hello, I'm looking for information on the best way to allow our web server to access an internal database. We are beginning an Internet commerce site. I've heard of several techniques: 1) The web server has wrapper/stub cgi programs that call cgi routines on a second external box that has permission to cross the firewall (a.k.a. a cgi reflector) 2) Move the web server inside and proxy it out to the Internet. 3) Export database to external server and allow web server to hit that db. I know that many thousands of companies are doing commerce but I've been unable to find a best practices document or other such info. Thanks in advance for any comments, info, or pointers to where I can find some info. Rick ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
Current thread:
- [no subject] Rick Horne (Jun 15)
- Re: roger nebel (Jun 16)
- Raptor Eagle 4.0 for Unix NYAN-TJING_LO (Jun 16)